April 14, 2022

UMDCTF 2022 Legacy

Legacy was a pwn challenge I really enjoyed since its solution was so simple and yet so beautiful.

Basically, they provide us with a "server" that we can connect to via netcat.

Initial Analysis

After connecting we’ll observe the following:

They want us to enter their "secret" number, which is supposedly between 0 and 0.something. In reality, this is just a complete distraction from the actual vulnerability.

Python 2 😂😂💩🗑️

Entering anything that’s not a number results in the error message above, which already gives away a lot. First of all, we can see that this is a Python error message, so we know that the server runs Python code. It also shows us the line where the error occurred, which is not just super helpful but basically gives us the solution. We can just enter the phrase "secret" and we’ll get the flag. This works due to Python 2’s bad development and the way the code was written. Python 2’s input() function evaluates whatever is typed as a Python expression (it is equivalent to eval(raw_input())), so entering "secret" resolves to the value of the variable itself and the statement becomes true.
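The behaviour described above, next to a hardened version, as an added example that is not the challenge's code (the server source is not shown here). Python 2's input() is emulated in Python 3 with eval(); the function names and the use of random.random() as the secret are assumptions.

```python
import random


def py2_style_input(line, scope):
    # Python 2's input() is eval(raw_input()): the typed line is evaluated
    # as an expression with access to the caller's variables.
    # Emulated here (assumption) by eval() over an explicit scope dict.
    return eval(line, scope)


def vulnerable_check(line, secret):
    # Hypothetical stand-in for the server's guess check.
    scope = {"secret": secret}  # names visible where input() is called
    try:
        guess = py2_style_input(line, scope)
    except (NameError, SyntaxError):
        return False  # the real server printed a traceback here instead
    return guess == secret


def hardened_check(line, secret):
    # Treat the line as data: parse it strictly as a float, never evaluate it.
    # In Python 2 this means raw_input(); in Python 3, input() returns a str.
    try:
        guess = float(line.strip())
    except ValueError:
        return False
    return guess == secret


if __name__ == "__main__":
    secret = random.random()  # constructed secret for the demo
    for line in ["0.5", "secret"]:  # constructed sample inputs
        print(repr(line),
              "vulnerable:", vulnerable_check(line, secret),
              "hardened:", hardened_check(line, secret))
```
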